added unittests, now using form errors and fixed bug when no GET parameter is given for /edit/profile/

mediagoblin/edit/views.py

@@ -162,17 +162,22 @@ def edit_profile(request):
         bio=user.get('bio'))
 
     if request.method == 'POST' and form.validate():
-        user['url'] = unicode(request.POST['url'])
+        password_matches = auth_lib.bcrypt_check_password(
-        user['bio'] = unicode(request.POST['bio'])
+            request.POST['old_password'],
-
+            user['pw_hash'])
-        password_matches = auth_lib.bcrypt_check_password(request.POST['old_password'],
-                                                          user['pw_hash'])
 
         if (request.POST['old_password'] or request.POST['new_password']) and not \
                 password_matches:
-            messages.add_message(request,
+            form.old_password.errors.append(_('Wrong password'))
-                                 messages.ERROR,
+
-                                 _('Wrong password'))
+            return render_to_response(
+                request,
+                'mediagoblin/edit/edit_profile.html',
+                {'user': user,
+                 'form': form})
+
+        user['url'] = unicode(request.POST['url'])
+        user['bio'] = unicode(request.POST['bio'])
 
         if password_matches:
             user['pw_hash'] = auth_lib.bcrypt_gen_password_hash(
@@ -187,7 +192,7 @@ def edit_profile(request):
                              _("Profile edited!"))
         return redirect(request,
                        'mediagoblin.user_pages.user_home',
-                        user=edit_username)
+                        user=user['username'])
 
     return render_to_response(
         request,

mediagoblin/tests/test_edit.py

@@ -0,0 +1,112 @@
+# GNU MediaGoblin -- federated, autonomous media hosting
+# Copyright (C) 2011 MediaGoblin contributors.  See AUTHORS.
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+from mediagoblin import mg_globals
+from mediagoblin.tests.tools import setup_fresh_app
+from mediagoblin.tools import template
+from mediagoblin.auth.lib import bcrypt_check_password, \
+                                 bcrypt_gen_password_hash
+
+
+@setup_fresh_app
+def test_change_password(test_app):
+    """Test changing password correctly and incorrectly"""
+    # set up new user
+    test_user = mg_globals.database.User()
+    test_user['username'] = u'chris'
+    test_user['email'] = u'chris@example.com'
+    test_user['email_verified'] = True
+    test_user['status'] = u'active'
+    test_user['pw_hash'] = bcrypt_gen_password_hash('toast')
+    test_user.save()
+
+    test_app.post(
+        '/auth/login/', {
+            'username': u'chris',
+            'password': 'toast'})
+
+    # test that the password can be changed
+    # template.clear_test_template_context()
+    test_app.post(
+        '/edit/profile/', {
+            'bio': u'',
+            'url': u'',
+            'old_password': 'toast',
+            'new_password': '123456',
+            'confirm_password': '123456'})
+
+    # test_user has to be fetched again in order to have the current values
+    test_user = mg_globals.database.User.one({'username': 'chris'})
+
+    assert bcrypt_check_password('123456', test_user['pw_hash'])
+
+    # test that the password cannot be changed if the given old_password
+    # is wrong
+    # template.clear_test_template_context()
+    test_app.post(
+        '/edit/profile/', {
+            'bio': u'',
+            'url': u'',
+            'old_password': 'toast',
+            'new_password': '098765',
+            'confirm_password': '098765'})
+
+    test_user = mg_globals.database.User.one({'username': 'chris'})
+
+    assert not bcrypt_check_password('098765', test_user['pw_hash'])
+
+
+@setup_fresh_app
+def change_bio_url(test_app):
+    """Test changing bio and URL"""
+    # set up new user
+    test_user = mg_globals.database.User()
+    test_user['username'] = u'chris'
+    test_user['email'] = u'chris@example.com'
+    test_user['email_verified'] = True
+    test_user['status'] = u'active'
+    test_user['pw_hash'] = bcrypt_gen_password_hash('toast')
+    test_user.save()
+
+    # test changing the bio and the URL properly
+    test_app.post(
+        '/edit/profile/', {
+            'bio': u'I love toast!',
+            'url': u'http://dustycloud.org/'})
+
+    test_user = mg_globals.database.User.one({'username': 'chris'})
+
+    assert test_user['bio'] == u'I love toast!'
+    assert test_user['url'] == u'http://dustycloud.org/'
+
+    # test changing the bio and the URL inproperly
+    too_long_bio = 150 * 'T' + 150 * 'o' + 150 * 'a' + 150 * 's' + 150* 't'
+
+    test_app.post(
+        '/edit/profile/', {
+            # more than 500 characters
+            'bio': too_long_bio,
+            'url': 'this-is-no-url'})
+
+    test_user = mg_globals.database.User.one({'username': 'chris'})
+
+    context = template.TEMPLATE_TEST_CONTEXT['mediagoblin/edit/edit_profile.html']
+    form = context['edit_profile_form']
+
+    assert form.bio.errors == [u'Field must be between 0 and 500 characters long.']
+    assert form.url.errors == [u'Improperly formed URL']
+
+    # test changing the url inproperly